OpenID Connect is a core component of an identity management suite. An identity layer used on top of OAuth, OpenID Connect is a modern federation specification.

Related articles

Build GDPR Compliant APIs with OpenID Connect

GDPR, the European Union’s General Data Protection Regulation, came into effect in March of 2018. This new regulation sets the privacy and security expectations for handling user data, and applies to every actor evenly tangentially related to the European market. As an API practitioner, it’s absolutely essential that you understand how to build products that…

Read More

What is The Role of Identity in API Security?

What options do APIs and microservices have when it comes to authentication and authorization? What is the role of identity in API security? In our last LiveCast, we sought to discover best practices for handling identity within API security. We featured two illuminating lightning talks; one from David Garney of Tyk and another from Travis Spencer of…

Read More

Assisted Token Flow: The Answer to OAuth Integration in Single Page Applications

OAuth is an incredibly popular internet standard for granting apps and web services access to the information available on other websites. Though the implementation is complex, the premise is simple: you tell a website you want to access its data, you log in with the user’s details, and off you go — but without some…

Read More

High-Grade API Security For Banks

Financial institutions occupy a special zone for APIs largely because of how stringent the regulatory compliance rulesets are. The data that financial institutions leverage are protected wiy by a variety of regulatory ordinances, and as such, this data has to be stringently controlled, secured, and managed – hence why high-grade API security is such a…

Read More

Securing the IoT for Decades to Come

In 2007 Kevin Kelly gave a TED talk in which he forecasted how the World Wide Web would lo 5000 days into the future, prophesizing the emergence of the IoT and AI. He envisioned a connected planet where all manufactured goods tap into a single, global, intelligent network. At the time, the Internet of…

Read More

API Keys ≠ Security: Why API Keys Are Not Enough

Despite the alluring simplicity and ease of utilizing API Keys, the shifting of security responsibility, lack of granular control, and misunderstanding of purpose and use amongst most developers makes solely relying on API Keys a poor decision. More than just protecting API keys, we need to program robust identity control and access management features to safeguard the entire API platform….